EPIC Alert 20.04

=======================================================================
E P I C A l e r t
=======================================================================
Volume 20.04 March 3, 2013
-----------------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/epic_alert_20.04.html
"Defend Privacy. Support EPIC."
http://epic.org/donate
===========================================================================
Table of Contents
===========================================================================
[1] Supreme Court Blocks Challenge to FISA Surveillance
[2] EPIC Obtains Counterterrorism Data-Collection Docs on US Citizens
[3] EPIC Challenges Secret Statute in WikiLeaks Case
[4] EPIC: DHS Backscatter Training Manuals Don't Include Privacy Plans
[5] FTC Approves Final Settlement with Consumer Tracking Firm
[6] News in Brief
[7] EPIC in the News
[8] Book Review: 'When Gadgets Betray Us'
[9] Upcoming Conferences and Events
TAKE ACTION: Sign EPIC's Petition to Suspend CBP's Drone Program!
- READ the FAA Announcement: http://epic.org/redirect/030113-FAA.html
- LEARN about Drones: http://epic.org/privacy/drones/
- SUPPORT EPIC: http://www.epic.org/donate/
========================================================================
[1] Supreme Court Blocks Challenge to FISA Surveillance
========================================================================
The US Supreme Court ruled February 26 that Clapper v. Amnesty
International USA, a constitutional challenge to the Foreign
Intelligence Surveillance Act (FISA), could not go forward, holding
that the case's Respondents had not presented sufficient proof to
establish standing to sue the federal government.
In 2008, a group of attorneys and journalists alleged that the US
government could be intercepting their communications with their
foreign contacts in violation of the Fourth Amendment. The FISA
Amendments Act allows the National Security Agency to warrantlessly
intercept electronic communications with overseas persons so long as no
US persons are "intentionally targeted." The Respondents, who routinely
communicate with individuals who have links to Al Qaeda, said the
government almost certainly was intercepting their communications
without a court order.
In a divided 5-4 decision, Justice Samuel Alito wrote that the group's
alleged injuries were too speculative to be considered. The Court's
majority said that the group could not prove, with "certainly
impending" likelihood, that the government has intercepted or would
intercept their communications. The Court also stated that the group's
expenditures and attempts to avoid government surveillance were
likewise insufficient to have their case heard. Chief Justice Roberts
and Justices Scalia, Kennedy, and Thomas also signed on to the majority
opinion.
Justice Stephen Breyer, joined by Justices Ginsburg, Kagan, and
Sotomayor, dissented, stating that the Court's "certainly impending"
standard was inconsistent with prior decisions. Justice Breyer wrote
that to be heard in court, a party need only show a reasonable
apprehension or "reasonable probability" that they will be injured by
the government's actions. Breyer wrote that these attorneys and
journalists communicate with exactly the types of individuals that the
government would have an interest in monitoring, making it likely
that their communications are being or would be intercepted.
Justice Breyer also cited EPIC's "friend of the court" brief, which
described the NSA's "almost boundless capacity to intercept private
communications, including those of U.S. Persons." EPIC's brief also
discussed the history of the NSA's warrantless wiretapping, the NSA's
expanding capabilities, and FISA's lack of transparency or oversight.
US Supreme Court: Opinion in Clapper v. Amnesty Int'l (Feb. 26, 2013)
http://www.supremecourt.gov/opinions/12pdf/11-1025_ihdj.pdf
EPIC: "Friend of the Court Brief" in Clapper v. Amnesty
http://epic.org/amicus/fisa/clapper/EPIC-Amicus-Brief.pdf
EPIC: Clapper v. Amnesty Int'l USA
http://epic.org/amicus/fisa/clapper/
EPIC: FISA
http://epic.org/privacy/terrorism/fisa/
========================================================================
[2] EPIC Obtains Counterterrorism Data-Collection Docs on US Citizens
========================================================================
As a result of a Freedom of Information Act lawsuit, EPIC has obtained
previously secret training slides from the Office of the Director of
National Intelligence detailing the agency's guidelines for collection,
dissemination, and retention of information about United States
citizens. EPIC had sued ODNI in August 2012 after the agency failed to
respond to several EPIC FOIA requests about ODNI's plan to increase
data collection on Americans.
The documents recently obtained by EPIC as a result of the lawsuit
outline ODNI's policies for collecting data and shed light on the legal
standard to retain data indefinitely. The guidelines allow for
unlimited retention of information about US persons if there is a
"reasonable and articulable suspicion" that the information is
terrorism information. However, the agency concedes that "there is no
requirement that the analyst's wisdom be rock solid or infallible" and
allows retention "even if the facts individually appear innocent in
nature." EPIC is still seeking documents about the agency's
information-sharing agreements, privacy protections, and mechanisms to
correct errors in databases. EPIC's FOIA request was sparked by the
March 2012 update to the National Counterterrorism Center guidelines,
which now allow the retention of data for up to five years on US
citizens who have no obvious connection to terrorist activities.
EPIC has filed other Freedom of Information Act requests with the
Office of the Director of National Intelligence, seeking the "priority
list" of databases ODNI planned to copy; data accuracy and security
safeguards; agreements and disputes between the ODNI and agency heads;
and interpretations of key standards used to identify "terrorism
information."
EPIC previously has sought documents related to the collection of
information on US persons. Currently EPIC is suing the Central
Intelligence Agency to release a report prepared by the CIA Inspector
General that addresses possible domestic surveillance by the agency.
ODNI: NCTC Training Guideline Slides Obtained by EPIC under FOIA
http://epic.org/foia/odni/File-1-2.pdf
EPIC: 1st FOIA Request to ODNI (Mar. 28, 2012)
http://epic.org/foia/odni/FOIA%20Request%20March%2028.PDF
EPIC: 2nd FOIA Request to ODNI (June 14, 2012)
http://epic.org/foia/odni/FOIA%20Request%20June%2014.PDF
EPIC: FOIA Lawsuit Against ODNI (Aug. 1, 2012)
http://epic.org/foia/odni/1-main.pdf
EPIC: EPIC v. ODNI
http://epic.org/foia/odni/epic_v_odni.html
EPIC: EPIC v. CIA - Domestic Surveillance
http://epic.org/foia/cia/domesticsurveillance.html
=========================================================================
[3] EPIC Challenges Secret Statute in WikiLeaks Case
=========================================================================
EPIC has filed a Freedom of Information Act lawsuit against the US
Department of Justice, seeking information on the agency's reliance on
secret legal authority to conduct surveillance of individuals who have
expressed interest in WikiLeaks.
EPIC's FOIA request stemmed from a November 2010 incident in which
WikiLeaks posted 220 confidential American diplomatic cables on the
WikiLeaks.org web site. The US government attempted to restrict access
to the documents, and subsequently opened an investigation into the
WikiLeaks release, attempting to identify users who accessed the
WikiLeaks documents. The federal investigation included inquiries into
Amazon.com, the company that hosted the WikiLeaks website, as well as
PayPal and other online payment processors who facilitated donations
to WikiLeaks.
In June 2011, EPIC submitted FOIA requests to the Criminal and National
Security Divisions of the Department of Justice, and to the Federal
Bureau of Investigation. EPIC requested records including: any
individuals targeted for surveillance because of their support for or
interest in WikiLeaks; lists of names of individuals who have
demonstrated support for or interest in WikiLeaks; agency
communications with Internet or social media companies about
individuals who have demonstrated support for or interest in
WikiLeaks; and any agency communications with financial services
companies about individuals who may have donated money to WikiLeaks.
To date, the FBI and both DOJ divisions have failed to provide any
documents in response to EPIC's June 2011 requests. EPIC filed
Administrative Appeals with the FBI and the National Security Division
of the DOJ in September 2011, and with the DOJ's Criminal Division in
October 2011. The DOJ has withheld from disclosure certain information
responsive to the EPIC request but will not reveal the legal basis for
the decision.
In January 2012, EPIC filed a lawsuit against both the DOJ and the FBI
based on the agencies' non-responsiveness to EPIC's request, and to
compel the disclosure of the requested documents. EPIC's lawsuit
maintains that secret law "poses unique concerns to democratic
governance and undermines the purpose of the FOIA."
EPIC: Opposition to Defendant's Motion in EPIC v. DOJ (Feb. 18, 2013)
http://epic.org/foia/doj/EPIC-v-DOJ-WikiLeaks-exparteopp.pdf
EPIC: Administrative Appeal in EPIC v. DHS (WikiLeaks) (Aug. 5, 2011)
http://epic.org/redirect/030113-epic-admin-appeal-wikileaks.html
EPIC: EPIC v. DOJ (WikiLeaks)
http://epic.org/foia/epic_v_doj_fbi_WikiLeaks.html
EPIC: Open Government
http://epic.org/open_gov/
========================================================================
[4] EPIC: DHS Backscatter Training Manuals Don't Include Privacy Plans
========================================================================
In response to an EPIC Freedom of Information Act request, the
Department of Homeland Security has released documents on the US Secret
Service's use of backscatter machines. EPIC sought information about
the types of images captured by backscatter devices, the length of time
the images can be stored, and safeguards for maintaining the integrity
and security of the captured images. EPIC also requested any
information from DHS about body scanner radiation risks.
The FOIA materials received by EPIC include the sales contract between
the US government and body scanner manufacturer Rapiscan, and the
Secret Service's training manuals for instructing new recruits on the
operation of body scanners. The training materials make no mention of
data privacy.
In the "FAA Modernization and Reform Act of 2012", Congress mandated
that all airport body scanners be equipped with privacy-enhancing
software by June 1, 2012. The documents do not specify whether the
body scanners used by the US Secret Service comply with this mandate.
EPIC sued the Department of Homeland Security in 2012 to force
disclosure of technical documents about the body scanner program. The
documents EPIC received reveal that DHS publicly mischaracterized the
National Institute of Standards and Technology's findings on
backscatter machines' safety, stating that NIST had "affirmed the
safety" of full body scanners. In fact, NIST never tested full-body
scanners for safety.
In a related lawsuit, EPIC v. DHS, the DC Circuit Court of Appeals
determined in 2011 that air travelers have a right to opt-out of the
body-scanner screening and that the TSA must undertake a public notice
and comment rulemaking. In the most recent decision, the court ordered
DHS to begin the public comment process by March 2013. Despite the
court order for public comment on body scanners, in September 2012 the
Department of Homeland Security awarded $245 million in contracts for
body scanners without public input.
EPIC: FOIA Request to Secret Service re: Body Scanners (Apr. 20, 2012)
http://epic.org/foia/dhs/usss/Secret-Service-FOIA-Request.pdf
US Secret Service: Contracts for Body Scanners
http://epic.org/foia/dhs/usss/Secret-Service-Contracts.pdf
US Secret Service: Body Scanner Training Manual
http://epic.org/foia/dhs/usss/Secret-Service-Docs-1.pdf
EPIC: EPIC v. DHS (Suspension of Body Scanner Program)
http://epic.org/redirect/030113-epic-v-dhs-scan-suspension.html
EPIC: Whole Body Imaging Technology and Body Scanners
http://epic.org/privacy/airtravel/backscatter/
========================================================================
[5] FTC Approves Final Settlement with Consumer Tracking Firm
========================================================================
The Federal Trade Commission has adopted a proposed settlement with
Compete Inc., a company that develops software for tracking consumers
as they shop, browse and interact with different Web sites across the
Internet. As part of the Compete registration process, consumers
installed tracking software that "collected the names of all Web sites
visited; all links followed; advertisements displayed when Web sites
were visited; and information that consumers entered into some web
pages", even otherwise secure Web pages. Data collected included
credit card and financial account numbers, usernames, passwords, and
search terms.
The Commission's initial complaint alleged that Compete failed to adopt
reasonable data security practices and deceived consumers about the
amount of personal information collected by the toolbar and survey
panel. The FTC also charged Compete with deceptive practices for
falsely claiming that the retained data had been anonymized. The
settlement order requires Compete to obtain express consent from
consumers before collecting data. The company is similarly required to
delete or anonymize the data it has already collected and to provide
users with instructions for uninstallation of the Compete toolbar.
In November 2012 comments to the FTC, EPIC recommended that the agency
also require Compete to implement Fair Information Practices similar to
those contained in the Consumer Privacy Bill of Rights, and develop a
best-practices guide to de-identification techniques. The Consumer
Privacy Bill of Rights, published by the White House in February 2012,
sets out a comprehensive framework of consumer privacy protections.
EPIC's comments maintained that Compete's adherence to the Consumer
Privacy Bill of Rights would impose requirements on the company's
collection and use of personal social networking information, and
grant Compete users control over their data and the right to access
and amend their personal information. Additionally, Compete should
have been required to develop best-practices principles for
de-identification, thus providing "businesses and consumer groups
something more concrete against which to measure claims of
de-identification and anonymity."
While the FTC declined to adopt EPIC's recommendations, the
Commission acknowledged that, as EPIC had noted, the FTC's "chief
technologists have discussed some anonymization techniques as an aid to
industry. However, generally, the Commission does not provide specific
technical guidance in areas like this, which are constantly changing.
It is a company's responsibility to keep abreast of and select the
technology that it believes best meets its needs and requirements while
appropriately protecting consumer privacy."
FTC: Settlement with Compete Inc. (Feb. 20, 2013)
http://www.ftc.gov/os/caselist/1023155/130222competedo.pdf
FTC: Letter to EPIC re: Compete Inc. Settlement (Feb. 20, 2013)
http://www.ftc.gov/os/caselist/1023155/130222competeepicletter.pdf
EPIC: Comments to FTC re: Compete Inc. (Nov. 19, 2012)
http://epic.org/privacy/ftc/EPIC-FTC-Comments-Compete.pdf
The White House: Consumer Privacy Bill of Rights (Feb. 2012)
http://www.whitehouse.gov/sites/default/files/privacy-final.pdf
EPIC: Federal Trade Commission
http://epic.org/privacy/internet/ftc/
EPIC: Re-Identification
http://epic.org/privacy/reidentification/
EPIC: Consumer Profiling
http://epic.org/privacy/profiling/default.html
=========================================================================
[6] News in Brief
=========================================================================
EPIC Thanks Congress for FOIA Oversight, Calls for Focus on Transparency

EPIC, along with more than 40 government transparency organizations,
thanked the US House Committee on Oversight for sending a letter to the
Department of Justice about the importance of the Freedom of
Information Act. The open-government organizations stated in the letter
to Oversight Committee Chairs Reps. Darrell Issa (R-CA) and Elijah
Cummings (D-MD) that "outdated FOIA regulations, excessive fee
assessments, growing FOIA backlogs, and the misuse of exemptions are
issues that continually frustrate FOIA requesters" and expressed hope
that the Committee would share the Department of Justice's responses
with the public. EPIC also joined more than two dozen transparency
groups in a letter to President Obama, asking him to renew his
commitment to transparency and FOIA. The President issued a
memorandum on Transparency and Open Government in 2009.
Open Gov't Coalition: Letter to US House FOIA Committee (Feb. 19, 2013)
http://epic.org/redirect/030113-openthegov-foia-thankyou.html
House Oversight Committee: Letter to OIP re: Open Govt. (Feb. 4, 2013)
http://epic.org/redirect/030113-openthegov-letter-oip.html
Open Gov't Coalition: Letter to President Obama on FOIA (Feb. 19, 2013)
http://epic.org/redirect/030113-openthegov-letter-obama.html
The White House: Memorandum on Transparency and Open Govt. (Jan. 2009)
http://epic.org/redirect/030113-whitehouse-transparency.html
EPIC: Open Government
http://epic.org/open_gov/

'Sniff up to Snuff,' Says Supreme Court in Drug-Detecting Dog Case

The US Supreme Court unanimously ruled February 19 in Florida v. Harris
that law enforcement may use drug-detection dogs to conduct searches
without a warrant, even when the dog finds drugs it is not trained to
detect. The Florida Supreme Court ruled in 2011 that the search against
defendant Harris was unlawful because the State failed to provide field
performance records to establish the dog's reliability. The Court, in
an opinion written by Justice Elena Kagan, rejected the Florida court's
"inflexible checklist" of necessary evidence in favor of a more
flexible, "common-sensical standard." EPIC filed a "friend of the court"
brief in the case, arguing that "investigative techniques should be
used based on research, testing, and data indicating reliability." EPIC
cited a recent National Academy of Sciences report highlighting the
lack of reliable standards for investigative techniques. Earlier in
February, the US Department of Justice announced a new initiative to
improve forensics reliability.
EPIC: Florida v. Harris
http://epic.org/amicus/harris/
US Supreme Court: Decision in Florida v. Harris (Feb. 19, 2013)
http://www.supremecourt.gov/opinions/12pdf/11-817_5if6.pdf
Florida Supreme Court: Decision in Florida v. Harris (Apr. 21, 2011)
http://www.floridasupremecourt.org/decisions/2011/sc08-1871.pdf
EPIC: "Friend of the Court" Brief in Florida v. Harris (Aug. 31, 2012)
http://epic.org/amicus/harris/EPIC-Amicus-Brief.pdf
National Academies: "Strengthening Forensic Science in the US" (2009)
https://www.ncjrs.gov/pdffiles1/nij/grants/228091.pdf
Sen. P. Leahy (D-VT): Press Release on US DoJ Forensics (Feb. 15, 2013)
http://epic.org/redirect/030113-leahy-forensics.html

Supreme Court to Hear Arguments On Warrantless DNA Collection

The US Supreme Court will hear arguments in Maryland v. King, a case
centering on whether the Fourth Amendment allows warrantless,
suspicionless DNA collection from anyone arrested, but not convicted,
of a "serious crime." Petitioner State of Maryland will argue that
states should be permitted to use DNA to investigate cold cases even
when the arrestee is not a suspect. Respondent King will argue that the
Fourth Amendment requires a probable cause warrant for routine law
enforcement investigations. EPIC, joined by 27 technical experts and
legal scholars, filed a "friend of the court" brief in the case that
describes how DNA collection and use "has grown dramatically and
unpredictably over time." EPIC has asked the US Supreme Court to affirm
the decision of the Maryland Supreme Court, which held that a warrant
is required for the collection of a DNA sample.
US Supreme Court: Maryland v. King
http://epic.org/redirect/030113-scotus-md-king.html
ABA: Petition of State of MD in Maryland v. King (Dec. 26, 2012)
http://epic.org/redirect/030113-petition-state-md-king.html
ABA: Petition of Respondent King in Maryland v. King (Jan. 2013)
http://epic.org/redirect/030113-petition-respondent-md-king.html
EPIC: "Friend of the Court" Brief in Maryland v. King (Feb. 1, 2013)
http://epic.org/amicus/dna-act/maryland/EPIC-Amicus-Brief.pdf
EPIC: Maryland v. King
http://epic.org/amicus/dna-act/maryland/default.html
EPIC: Genetic Privacy
http://epic.org/privacy/genetic/

New Legislation Aimed At Protecting Privacy From Domestic Drones

US Representatives Ted Poe (R-TX) and Zoe Lofgren (D-CA) have
introduced the "Preserving American Privacy Act of 2013," a bill
designed to provide individual privacy protections against drone
surveillance. The bill requires all US drone operators to submit a
public data collection statement that includes a description of the
drone's purpose and intended operations. The bill also requires a
warrant in order for drone surveillance information to be received as
evidence, and includes a ban on equipping drones with firearms. EPIC
twice has asked Congress to protect individual privacy against increased
use of domestic drones. In 2012, EPIC, joined by over 100 organizations,
experts, and members of the public, petitioned the FAA to establish
privacy safeguards.
Rep. Ted Poe: Press Release on Drone Privacy Bill (Feb. 13, 2013)
http://epic.org/redirect/030113-poe-drone-press-release.html
"Preserving American Privacy Act of 2013"
http://epic.org/redirect/030113-preserving-american-privacy-act.html
EPIC: Testimony Before US Congress on Drones (Jul. 12, 2012)
http://epic.org/privacy/testimony/EPIC-Drone-Testimony-7-12.pdf
EPIC: Testimony Before US Congress on Drones (Oct. 25, 2012)
http://epic.org/privacy/drones/EPIC-Drones-Testimony-102512.pdf
EPIC et al.: Petition to FAA on Domestic Drone Use (Mar. 8, 2012)
http://epic.org/privacy/drones/FAA-553e-Petition-03-08-12.pdf
EPIC: Unmanned Aerial Vehicles (UAVs) and Drones
http://epic.org/privacy/drones/

DHS Working Group to Consider Privacy Impact of Drones

The Department of Homeland Security has released a previously internal
memo regarding the establishment of a working group to "Safeguard
Privacy, Civil Rights, and Civil Liberties in the Department's Use and
Support of Unmanned Aerial Systems [drones]." The memo states, "[t]he
overarching goal of the working group is to determine what policies and
procedures are needed to ensure that protections for privacy, civil
rights, and civil liberties are designed into DHS and DHS-funded
[drone] programs." DHS has developed a program to explore the expansive
use of small drones for law enforcement. US Customs and Border
Protection currently operates 10 Predator B drones within the US. In
testimony before Congress in July 2012, EPIC said that federal agencies
operating drones should adopt privacy regulations.
DHS: Letter re: Release of Internal Memo (Sept. 14, 2012)
http://epic.org/redirect/030113-DHS-release-internal-memo.html
DHS: Report on RAPS Drone Project (Nov. 16, 2012)
http://epic.org/redirect/030113-DHS-RAPS-report.html
US CBP: Documents on Predator Drones (Aug. 17, 2012)
http://epic.org/redirect/030113-CPB-predator-docs.html
EPIC: Testimony Before US Congress on Drone Use (Jul. 12, 2012)
http://epic.org/privacy/testimony/EPIC-Drone-Testimony-7-12.pdf
EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones
http://epic.org/privacy/drones/

EU Prepares Action Against Google

French data protection regulator CNIL, acting on behalf of the
European Union, has announced it will take action against Google after
Google failed to reply to CNIL's questions about the company's
handling of user information. EU authorities are setting up a working
group, led by CNIL, to coordinate their response. The group is expected
to take action before summer 2013. In October 2012, officials
representing 24 European countries sent a letter to Google, requiring
it to comply with European data protection laws and give users greater
control over their personal information. The letter asked Google to
clarify how it combines customer data from its various services, and
establishes precise data retention policies. Google did not respond.
CNIL's action followed an investigation triggered by Google's change in
privacy policies in March 2012, which allowed the company to combine
user data across 60 Internet services. Also in 2012, EPIC sued the
Federal Trade Commission to enforce the terms of a prior settlement
with Google. Google has previously been sanctioned and fined by the FTC
for violating user privacy. As a result, Google is subject to regular
privacy audits and is not allowed to make deceptive changes to privacy
practices.
CNIL: Press Release on Google Privacy Policy Action (Feb. 18, 2013)
http://epic.org/redirect/030113-CNIL-google-data.html
CNIL: Letter to Google re: Privacy Policies (Oct. 16, 2012)
http://epic.org/redirect/030113-CNIL-google-letter.html
NAAG: Letter to Google re: Privacy Policies (Feb. 22, 2012)
http://epic.org/redirect/030113-NAAG-letter-google.html
Congressional Privacy Caucus: Letter to FTC re: Google (Feb. 17, 2012)
http://epic.org/redirect/030113-priv-caucus-letter-google.html
EPIC: In re Google Buzz
http://epic.org/privacy/ftc/googlebuzz/
EPIC: Enforcement of Google Consent Order
http://epic.org/privacy/ftc/google/consent-order.html
EPIC: EU Data Protection Directive
http://epic.org/privacy/intl/eu_data_protection_directive.html
=======================================================================
[7] EPIC in the News
=======================================================================
"The FAA Wants to Hear from You About Privacy and Domestic Drones."
Lawfare, Mar. 1, 2013.
http://epic.org/redirect/030113-lawfare-drones-epic.html
"Predator Drones Keep an Eye on the Border, Documents Show." The New
York Times, Feb. 28, 2013.
http://epic.org/redirect/030113-nytimes-drones-epic.html
"FTC, Compete Finalize Privacy Settlement." MediaPost, Feb. 25, 2013.
http://epic.org/redirect/030112-mediapost-ftc-compete-epic.html
"Homeland Security: Let's be clear about aerial drone privacy." CNET,
Feb. 22, 2013.
http://epic.org/redirect/030112-cnet-drones-epic.html
"If You're Collecting Our Data, You Ought to Protect It." The New
York Times, Feb. 16, 2013.
http://epic.org/redirect/030112-nytimes-data-epic.html
"National Counterterrorism Center's 'Terrorist Information' Rules
Outlined In Document." The Huffington Post, Feb. 15, 2013.
http://epic.org/redirect/030112-huffpost-nctc-epic.html
"FBI Files Unlock History Behind Clandestine Cellphone Tracking Tool."
Slate, Feb. 15, 2013.
http://epic.org/redirect/030112-slate-stingray-epic.html
"FAA Promises Privacy Standards for Domestic Drones." Information
Week, Feb. 15, 2013.
http://epic.org/redirect/030113-infoweek-drones-epic.html
"Google raises new privacy concerns with app store policy." Chicago
Tribune, Feb. 14, 2013.
http://epic.org/redirect/030112-chitrib-appstore-epic.html
For More EPIC in the News:
http://epic.org/news/epic_in_news.html
========================================================================
[8] Book Review: 'When Gadgets Betray Us'
========================================================================
"When Gadgets Betray Us: The Dark Side of Our Infatuation with New
Technology," Robert Vamosi
http://epic.org/redirect/030113-when-gadgets-betray-us-vamosi.html
Robert Vamosi says your electronic devices are security incidents
waiting to happen. And if the devices themselves won't fail you,
hackers are waiting to grab your loose data and run. But security
researcher and tech journalist Vamosi's latest book, "When Gadgets
Betray Us: The Dark Side of Our Infatuation with New Technology," isn't
an anti-technology screed; rather, it's a reasoned, compelling, and
even entertaining look at how consumer demand for faster, more
convenient and more feature-rich equipment is creating increasingly
dangerous, insecure gadgets.
"How we use our gadgets is only half of the problem," Vamosi says.
"The other half is the hardware itself. We fail to recognize that
these same gadgets can fail. Or that they can be made to lie. Or
track our every move." According to Vamosi, "gadget betrayal" generally
falls into a few categories: security flaws exploitable by those with
malicious intent; security flaws inherent in software design and user
interface; and data "leakage" in a device's interaction with the
Internet.
Sometimes the flaws are apparently accidental - as when security
researchers discovered in 2011 that iPhones were creating locational
"breadcrumb trails" of their owners. But that same data was used
purposely to create locational iOS apps like "Find My Friends," which
can be easily exploited by stalkers and data brokers.
"When Gadgets Betray Us" provides readers with an extensive vocabulary
of hacking techniques (buffer overflows, SQL injections, keystroke
logging, man-in-the-middle attacks) and an equally extensive list of
objects that can be hacked, leave "breadcrumb trails," or both (cars,
digital cameras, transponders, medical devices, smartphones). Vamosi
stresses repeatedly, however, that he doesn't intend to frighten his
audience, but merely to provide it with enough data to make informed
decisions about how, where, and when they use their electronic devices.
Vamosi seems to have a fascination with the ethically ambiguous
security hackers who frequent conventions like BlackHat and DefCon and
publicize security flaws of devices ranging from electronic hotel keys
to medical implants to automobile "black boxes." Vamosi's response?
Don't give up your gadgets - just be careful. Security, he says, is
constructed in layers: If the hardware gets hacked, let your software
protect it. If your device leaks data, harden it with encryption. Don't
make it easy for anyone - criminals, online advertisers, jilted
lovers - to take down your gadget, your bank account, or your privacy.
Just like we lock our houses when we go out rather than staying
fearfully at home, we need to learn how to lock our electronic
"homes" - and demand better virtual locks from manufacturers. "'That's
all security is,'" Vamosi says. "'Barriers to slow someone down.'"
- EC Rosenberg
================================
EPIC Publications:
"Litigation Under the Federal Open Government Laws 2010," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark
S. Zaid (EPIC 2010). Price: $75
http://epic.org/bookstore/foia2010/
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access laws.
This updated version includes new material regarding President Obama's
2009 memo on Open Government, Attorney General Holder's March 2009 memo
on FOIA Guidance, and the new executive order on declassification. The
standard reference work includes in-depth analysis of litigation under:
the Freedom of Information Act, the Privacy Act, the Federal Advisory
Committee Act, and the Government in the Sunshine Act. The fully updated
2010 volume is the 25th edition of the manual that lawyers, journalists
and researchers have relied on for more than 25 years.
================================
"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.
================================
"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
================================
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.
================================
"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the Video Voyeurism Prevention Act,
and the CAN-SPAM Act.
================================
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
================================
EPIC publications and other books on privacy, open government, free
expression, and constitutional values can be ordered at:
EPIC Bookstore
http://www.epic.org/bookstore
================================
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
http://mailman.epic.org/mailman/listinfo/foia_notes
=======================================================================
[9] Upcoming Conferences and Events
=======================================================================
"Location Tracking and Biometrics Conference." 3 March 2013, Yale
University, New Haven, CT. For More Information:
http://yaleisp.org/event/location-tracking-and-biometrics-conference.
"Drones.edu: Hands on the Future in the Classroom." SXSW, 6 March
2013, Austin, TX. For More Information: http://sxswedu.com/.
2013 D.C. Open Government Summit. 13 March 2013, Washington, DC.
For More Information: http://www.dcogc.org/node/1621.
"Online Privacy: Consenting to your Future." 21-22 March 2013,
Portomaso, Malta. For More Information:
http://www.onlineprivacyconference.eu.
EPIC Champion of Freedom Awards Dinner. 3 June 2013, Washington, DC.
For More Information: http://epic.org/june3.
2013 Health Privacy Summit, 5-6 June 2013, Washington, DC. For More
Information:
http://www.healthprivacysummit.org/events/2013-health-privacy-summit/event-summary-1bfa9be80d364092aeed1a8803377fa8.aspx.
22nd Annual Computers, Freedom, & Privacy Conference. 25-26 June 2013,
Washington, DC. For More Information: Contact Chris Calabrese at
ccalabrese@dcaclu.org.
=======================================================================
Join EPIC on Facebook and Twitter
=======================================================================
Join the Electronic Privacy Information Center on Facebook and Twitter:
http://facebook.com/epicprivacy
http://epic.org/facebook
http://twitter.com/epicprivacy
Join us on Twitter for #privchat, Tuesdays, 11:00am ET.
Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.
=======================================================================
Privacy Policy
=======================================================================
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."
=======================================================================
About EPIC
=======================================================================
The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
=======================================================================
Donate to EPIC
=======================================================================
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:
http://www.epic.org/donate
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government and private-sector
infringement on constitutional values.
Thank you for your support.
=======================================================================
Subscription Information
=======================================================================
Subscribe/unsubscribe via web interface:
http://mailman.epic.org/mailman/listinfo/epic_news
Back issues are available at:
http://www.epic.org/alert
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 20.04 ------------------------